METHOD AND SYSTEM FOR TRACKING FRAUDULENT ACTIVITY

US 20140215626A1
Filed: 04/03/2014
Published: 07/31/2014
Est. Priority Date: 08/20/2004
Status: Active Grant

First Claim

Patent Images

1. A system for tracking potentially fraudulent activity, the system including;

a fraud tracking database; and

a fraud tracking server connected to the fraud tracking database, the fraud tracking server including;

a memory;

one or more processors coupled to the memory and configured to;

receive data identifying a potential spoof site;

generate a spoof site tracking record stored in the fraud tracking database, the spoof site tracking record including the data identifying the potential spoof site;

assign a spoof page identifier to a document associated with an actual spoof site based on unique characteristics of the document;

automatically monitor the actual spoof site to determine whether the actual spoof site is still active by periodically attempting to access the document associated with the actual spoof site; and

update the spoof site tracking record by adding to the spoof site tracking record data indicating whether or not the document was accessible during the automatic monitoring.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for tracking potentially fraudulent activities associated with one or more web sites is disclosed. The system includes a fraud tracking server connected to a fraud tracking database. The fraud tracking server includes a communications module to facilitate the exchange of data between the server and multiple client devices. The fraud tracking server receives data from one or more client devices that identifies a potential spoof site. The fraud tracking server also includes control logic to generate a spoof site tracking record in the fraud tracking database. The spoof site tracking record includes the data identifying the potential spoof site. After the spoof site tracking record has been created, the fraud tracking server notifies an administrator of the potential spoof site by communicating the data received and stored in the fraud tracking database to an administrator.

33 Citations

View as Search Results

20 Claims

1. A system for tracking potentially fraudulent activity, the system including;
- a fraud tracking database; and
  
  a fraud tracking server connected to the fraud tracking database, the fraud tracking server including;
  
  a memory;
  
  one or more processors coupled to the memory and configured to;
  
  receive data identifying a potential spoof site;
  
  generate a spoof site tracking record stored in the fraud tracking database, the spoof site tracking record including the data identifying the potential spoof site;
  
  assign a spoof page identifier to a document associated with an actual spoof site based on unique characteristics of the document;
  
  automatically monitor the actual spoof site to determine whether the actual spoof site is still active by periodically attempting to access the document associated with the actual spoof site; and
  
  update the spoof site tracking record by adding to the spoof site tracking record data indicating whether or not the document was accessible during the automatic monitoring.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the data identifying the potential spoof site is a URL identifying a document associated with the potential spoof site, and the one or more processors are further configured to extract the URL from an email received by the communications module.
  - 3. The system of claim 2, wherein the one or more processors are further configured to automatically communicate the URL extracted from the email to an administrator.
  - 4. The system of claim 3, wherein the one or more processors are further configured to analyze the URL identifying the document to determine whether the URL is associated with a previously identified spoof site for which a spoof site tracking record already exists.
  - 5. The system of claim 3, wherein the one or more processors are further configured to:
    - receive verification from the administrator that the potential spoof site is an actual spoof site; and
      
      automatically update the corresponding spoof site tracking record with data associated with the actual spoof site.
  - 6. The system of claim 5, wherein the verification received from the administrator indicates that the administrator has viewed the potential spoof site and determined that the potential spoof site is an actual spoof site.
  - 7. The system of claim 5, wherein the one or more processors are further configured to automatically retrieve data associated with the actual spoof site when the administrative module receives the verification from an administrator that the potential spoof site is an actual spoof site.
  - 8. The system of claim 7, wherein the one or more processors are further configured to automatically download the source code of a document associated with the actual spoof site.
  - 9. The system of claim 5, wherein the one or more processors are further configured to:
    - analyze an IP address of a server hosting the spoof site to determine an ISP associated with the IP address; and
      
      automatically generate an email addressed to the ISP associated with the IP address, the email notifying the ISP of the spoof site and requesting the ISP to take action to remove the spoof site.
  - 10. The system of claim 1, wherein the system is part of a network-based commerce system.
  - 11. The system of claim 1, wherein updating the spoof site tracking record includes adding to the spoof site tracking record data indicating the last attempt to access the document.

12. A method comprising:
- receiving data identifying a potential spoof site;
  
  generating, by a processor of a machine, a spoof site tracking record stored in a fraud tracking database, the spoof site tracking record including the data identifying the potential spoof site;
  
  assigning a spoof page identifier to a document associated with an actual spoof site based on unique characteristics of the document;
  
  automatically monitoring, by the processor of the machine, the actual spoof site to determine whether the actual spoof site is still active by periodically attempting to access the document associated with the actual spoof site;
  
  adding to the spoof site tracking record data indicating whether or not the document was accessible during the automatic monitoring of the actual spoof site.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising:
    - responsive to receiving verification that the potential spoof site is an actual spoof site, retrieving data associated with the actual spoof site; and
      
      ,updating the spoof site tracking record with the retrieved data associated with the actual spoof site.
  - 14. The method of claim 13, wherein the verification is received from an administrator who has viewed the potential spoof site and identified the potential spoof site as an actual spoof site.
  - 15. The method of claim 13, wherein retrieving data associated with the actual spoof site occurs automatically when verification is received that the potential spoof site is an actual spoof site.
  - 16. The method of claim 13, further comprising;
    - analyzing the IP address of the server hosting the spoof site to determine an ISP associated with the IP address; and
      
      generating an email addressed to the ISP associated with the IP address, the email notifying the ISP of the spoof site and requesting the ISP to take action to remove the spoof site.
  - 17. The method of claim 16, wherein analyzing the IP address of the server hosting the spoof site and generating an email addressed to the ISP associated with the IP address occur automatically in response to receiving verification that the potential spoof site is an actual spoof site.

18. A non-transitory machine-readable medium storing a set of instructions that, when executed by the machine, cause the machine to perform operations comprising:
- receiving data identifying a potential spoof site;
  
  generating a spoof site tracking record in a fraud tracking database, the spoof site tracking record including the data identifying the potential spoof site;
  
  assigning a spoof page identifier to a document associated with an actual spoof site based on unique characteristics of the document;
  
  automatically monitoring the actual spoof site to determine whether the actual spoof site is still active by periodically attempting to access the document associated with the actual spoof site; and
  
  adding to the spoof site tracking record data indicating whether or not the document was accessible during the automatic monitoring of the actual spoof site.
- View Dependent Claims (19, 20)
- - 19. The non-transitory machine-readable medium of claim 18, wherein;
    - the data identifying a potential spoof site is a URL identifying a document associated with the potential spoof site;
      
      the receiving of the data receives the data in an email; and
      
      the operations further comprise extracting the URL from the email.
  - 20. The non-transitory machine-readable medium of claim 19, wherein the operations further comprise automatically communicating the URL extracted from the email to an administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Henley, Mathew Gene, Brown, Andrew Millard, Edberg, Jeremy B., Pam, Quang D.

Granted Patent

US 9,386,029 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06Q 20/4016   involving fraud or risk lev...

H04L 63/102   Entity profiles

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

METHOD AND SYSTEM FOR TRACKING FRAUDULENT ACTIVITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR TRACKING FRAUDULENT ACTIVITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links